Chapter 2 -2024 Ethics for IT Workers and IT Users -second.pdf

Transcript

Ethics in Information Technology, Fourth Edition Chapter 2 Ethics for IT Workers and IT Users 1 Objectives As you read this chapter, consider the following questions: – What key characteristics distinguish a professional from other kinds of workers, and is an IT worker considered a professional? – What factors are transforming the professional services industry? – What relationships must an IT worker manage, and what key ethical issues can arise in each? Ethics in Information Technology, Fourth Edition 2 Objectives (cont’d.) – How do codes of ethics, professional organizations, certification, and licensing affect the ethical behavior of IT professionals? – What is meant by compliance, and how does it help promote the right behaviors and discourage undesirable ones? Ethics in Information Technology, Fourth Edition 3 IT Professionals Profession is a calling that requires: – Specialized knowledge – Long and intensive academic preparation Professionals: – Require advanced training and experience – Must exercise discretion and judgment in their work – Their work cannot be standardized – Contribute to society, participate in lifelong training, assist other professionals – Carry special rights and responsibilities Ethics in Information Technology, Fourth Edition 4 Extra note The terms "specialist" and "professional" are often used interchangeably, but they do have distinct meanings. A "specialist" typically refers to someone who has expertise in a specific area or field, often as a result of focused training or experience. On the other hand, a "professional" generally refers to someone who is engaged in a specific occupation or activity and is characterized by their adherence to high ethical and quality standards, often supported by formal education and training What is Professional Services Industry It is a term that refers to any business, department, or individual whose core output is a service or expertise rather than a manufactured product. Are IT Workers Professionals? Partial list of IT specialists – Programmers – Systems analysts – Software engineers – Database administrators – Local area network (LAN) administrators – Chief information officers (CIOs) Ethics in Information Technology, Fourth Edition 5 Are IT Workers Professionals? (cont’d.) Legal perspective – IT workers do not meet legal definition of professional Not licensed by state or federal government Not liable for malpractice Ethics in Information Technology, Fourth Edition 6 What is a Professional Relationships interpersonal connection between two or more people in a place of business. Professional relationships are usually more formal than relationships that exist outside of work. Professional Relationships That Must Be Managed IT workers involved in relationships with: – Employers – Clients – Suppliers – Other professionals – IT users – Society at large Ethics in Information Technology, Fourth Edition 8 Ethical issues between IT worker and employers Software piracy – Act of illegally making copies of software or enabling access to software to which they are not entitled – The Business Software Alliance (BSA) is a trade group representing the world’s largest software and hardware manufacturers; mission is to stop the unauthorized copying of software – Ethics in Information Technology, Fourth Edition 10 Ethical issues between IT worker and employers – Trade secrets Business information generally unknown to public Company takes actions to keep confidential Require cost or effort to develop – Whistle-blowing Employee attracts attention to a negligent, illegal, unethical, abusive, or dangerous act that threatens the public interest Ethics in Information Technology, Fourth Edition 12 Relationships Between IT Workers and Clients IT worker provides: – Hardware, software, or services at a certain cost and within a given time frame Client provides: – Compensation – Access to key contacts – Work space Relationship is usually documented in contractual terms Ethics in Information Technology, Fourth Edition 13 Ethical issues Between IT Workers and Clients Conflict of interest:- a conflict between a person’s (or firm’s) self-interest and the interests of a client. Fraud: - the crime of obtaining goods, services, or property through deception or trickery Misrepresentation: - misstatement or incomplete statement of a material fact. Breach of contract:- when one party fails to meet the terms of a contract. Material breach of contract:- when a party fails to perform certain express or implied obligations Ethics in Information Technology, Fourth Edition 15 Ethical issues Between IT Workers and Suppliers Develop good working relationships with suppliers: – To encourage flow of useful information and ideas to develop innovative and cost-effective ways of using the supplier in ways that the IT worker may not have considered – By dealing fairly with them – By not making unreasonable demands Ethics in Information Technology, Fourth Edition 18 Ethical issues Between IT Workers and Suppliers (cont’d.) Bribery – Providing money, property, or favors to obtain a business advantage – U.S. Foreign Corrupt Practices Act (FCPA):act to crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office Ex: At what point does a gift become a bribe? – No gift should be hidden – Perceptions of donor and recipient can differ – United Nations Convention Against Corruption is a global treaty to fight bribery and corruption Ethics in Information Technology, Fourth Edition 19 Relationships Between IT Workers and Suppliers (cont’d.) Ethics in Information Technology, Fourth Edition 20 Ethical issues Between IT Workers and Other Professionals Professionals owe each other adherence to their profession’s code of conduct Ethical problems among the IT profession – Résumé inflation on 30% of U.S. job applications – Inappropriate sharing of corporate information Information might be sold intentionally or shared informally with those who have no need to know Ethics in Information Technology, Fourth Edition 21 Ethical issues Between IT Workers and IT Users IT user: person using a hardware or software product IT workers’ duties – Understand users’ needs and capabilities – Deliver products and services that meet those needs – Establish environment that supports ethical behavior: To discourages software piracy To minimize inappropriate use of corporate computing resources To avoid inappropriate sharing of information Ethics in Information Technology, Fourth Edition 22 Relationships Between IT Workers and Society Society expects members of a profession: – To provide significant benefits – To not cause harm through their actions Actions of an IT worker can affect society Professional organizations provide codes of ethics to guide IT workers’ actions Ethics in Information Technology, Fourth Edition 23 Impact of Codes of Ethics on ethical behavior 1.A professional code of ethics states the principles and core values that are essential to the work of a particular occupational group. Practitioners in many professions subscribe to a code of ethics that governs their behavior. 2.An important point to make is that laws do not provide a complete guide to ethical behavior. Just because an activity is not defined as illegal does not mean it is ethical. 24 Professional Codes of Ethics (cont’d.) Following a professional code of ethics can produce benefits for the individual, the profession, and society as a whole – Ethical decision making – High standards of practice and ethical behavior – Trust and respect from general public – Evaluation benchmark for self-assessment Ethics in Information Technology, Fourth Edition 25 Impact of Professional Organizations on ethical behavior help IT workers to network with others , seek out new ideas ,and continually build on their personal skills and expertise. Five of the most prominent organizations include: – 1. 2. 3. Association for Computing Machinery (ACM) Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS) Association of IT Professionals (AITP) 4. SysAdmin, Audit, Network, Security (SANS) Institute Ethics in Information Technology, Fourth Edition 26 Impact of Certification on ethical behavior Certification : Indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of the certifying organization Can also apply to products Certification is not a substitute for experience and does not guarantee that a person will perform well on the job. As a result, some hiring managers are rather cynical about the value of certifications. Ethics in Information Technology, Fourth Edition 27 Impact of Certification on ethical behavior Vendor certifications – Some certifications substantially improve IT workers’ salaries and career prospects – Relevant for narrowly defined roles or certain aspects of broader roles – Require passing a written exam, or in some cases, a hands-on lab to demonstrate skills and knowledge – Can take years to obtain necessary experience – Training can be expensive Ethics in Information Technology, Fourth Edition 28 Impact of Government Licensing on ethical behavior License is a government-issued permission to engage in an activity or operate a business. Case for licensing IT workers – Encourages following highest standards of profession – Encourages practicing a code of ethics – Violators would be punished Without licensing, there are no requirements for heightened care and no concept of professional malpractice 30 Issues associated with government licensing of IT workers – There are few licensing programs for IT professionals No universally accepted core body of knowledge Unclear who should manage content and administration of licensing exams No administrative body to accredit professional education programs No administrative body to assess and ensure competence of individual workers Ethics in Information Technology, Fourth Edition 32 IT Professional Malpractice Negligence: not doing something that a reasonable person would do, or doing something that a reasonable person would not do Duty of care: obligation to protect people against any unreasonable harm or risk – Reasonable person standard – Reasonable professional standard Professional malpractice: professionals who breach the duty of care are liable for injuries that their negligence causes Ethics in Information Technology, Fourth Edition 33 Common Ethical Issues for IT Users Software piracy :Sometimes IT users are the ones who commit software piracy. A common violation occurs when employees copy software from their work computers for use at home Inappropriate use of computing resources – Erodes productivity and wastes time – Could lead to lawsuits Inappropriate sharing of information, including: – Every organization stores vast amounts of private or confidential data Private data (employees and customers) Confidential information (company and operation Ethics in Information Technology, Fourth Edition 35 Supporting the Ethical Practices of IT Users Policies that protect against abuses: – Set forth general rights and responsibilities of users – Create boundaries of acceptable behavior – Enable management to punish violators Policy components include: – Establishing guidelines for use of company software – Defining appropriate use of IT resources – Structuring information systems to protect data and information – Installing and maintaining a corporate firewall Ethics in Information Technology, Fourth Edition 36 Supporting the Ethical Practices of IT Users (cont’d.) Ethics in Information Technology, Fourth Edition 37 Ethics in Information Technology, Fourth Edition 38 Compliance To be in accordance with established policies, guidelines, specifications, and legislation – Sarbanes-Oxley – established requirements for internal controls – HIPAA – ensures security and privacy of employee healthcare data – Failure to be in conformance can lead to criminal or civil penalties and also lawsuits Ethics in Information Technology, Fourth Edition 39 Compliance (cont’d.) Major challenge to comply with multiple government and industry regulations that are sometimes in conflict To meet this challenge: – Implement software to track and record compliance actions – Hire management consultants for advice and training – Create Chief Compliance Officer position Ethics in Information Technology, Fourth Edition 40 Audit committee Audit committee is subset of the board of directors, with oversight for the following activities: – Quality and integrity of accounting and reporting practices and controls – Compliance with legal and regulatory requirements – Qualifications, independence, and performance of organization’s independent auditor – Performance of company’s internal audit team Ethics in Information Technology, Fourth Edition 41 Compliance (cont’d.) Internal audit committee responsibilities: – Determine that internal systems and controls are adequate and effective – Verify existence of company assets and maintain proper safeguards over their protection – Measure the organization’s compliance with its own policies and procedures – Insure that institutional policies and procedures, appropriate laws, and good practices are followed – Evaluate adequacy and reliability of information available for management decision making Ethics in Information Technology, Fourth Edition 42 Summary Professionals – Require advanced training and experience – Must exercise discretion and judgment in their work – Their work cannot be standardized From a legal standpoint, a professional: – Has passed the state licensing requirements – Has earned the right to practice in a state(s) IT professionals have many different relationships – Each with its own ethical issues and potential problems Ethics in Information Technology, Fourth Edition 43 Summary (cont’d.) Professional code of ethics – States the principles and core values essential to the work of an occupational group – Serves as a guideline for ethical decision making – Promotes high standards of practice and behavior – Enhances trust and respect from the general public – Provides an evaluation benchmark Licensing and certification of IT professionals – Would increase the reliability and effectiveness of information systems – Raises many issues Ethics in Information Technology, Fourth Edition 44 Summary (cont’d.) IT-related professional organizations have developed their code of ethics that: – Outlines what the organization aspires to become – Lists rules and principles for members – Includes a commitment to continuing education for those who practice the profession Audit committee and internal audit team have a major role in ensuring that both the IT organization and IT users are in compliance with guidelines and various legal and regulatory practices Ethics in Information Technology, Fourth Edition 45 Thank you